AMENDMENTS TO THE CLAIMS 

1. (currently amended) A system for facilitating a cooperative response by a 
plurality of members of a domain to a threat condition, with each of the plurality of 
members being operable to generate log records relating to the use and attempted use 
of the respective member, the system comprising: 

a log server operable to receive and store the log and audit records of the 
plurality of members; 

a detection server operable to access the log server and parse the stored log 
and audit records in identifying an occurrence of the threat condition in any of the 
plurality of members; and

a profile server operable to store an alert status indicative of identification 
of the occurrence of the threat condition by the detection server, 

wherein each of the plurality of members is operable to query the profile 
server in order to check an alert status, and, in response to an alert, to implement a pre- 
defined action. 

2. (original) The system as set forth in claim 1, wherein the domain is 
defined as a logical grouping of the plurality of members which are not necessarily 
otherwise related. 

3. (original) The system as set forth in claim 2, wherein the logical 
grouping is based upon a value characteristic and a risk tolerance characteristic of each 
of the plurality of members. 

4. (original) The system as set forth in claim 1, wherein the detection server 
applies a threat-detection logic in conjunction with a pre-established threshold value in 
identifying the occurrence of the threat condition. 

5. (original) The system as set forth in claim 1, wherein the profile server is 
operable to provide a security profile including -

a log server IP address operable to identify the log server to which each of 
the plurality of members should send the log records; 

a configuration refresh frequency operable to define a frequency at which
to query the profile server for an update of the security profile; 

a device value operable to define a value of each of the plurality of 
members, wherein the device value is used by the detection server when identifying 
the occurrence of the threat condition; 

a threshold value operable in conjunction with a threat detection logic used 
by the detection server in identifying the occurrence of the threat condition; and 

an alert query frequency operable to define a frequency at which to query 
the profile server for an update of the alert status. 

6. (original) The system as set forth in claim 1, wherein the alert 
automatically expires, if no additional action is taken, after a pre-defined period of 
time. 

7. (original) The system as set forth in claim 1, wherein the plurality of 
members are operable to send via a non-routable protocol a broadcast message 
communicating the occurrence of the threat condition to an edge device. 

8. (original) The system as set forth in claim 1, wherein the occurrence of 
the threat condition is communicated to a second domain for evaluation and possible 
pre-emptive action. 

9. (currently amended) A system for facilitating a cooperative response by a 
plurality of members of a domain to a threat condition, with each of the plurality of 
members being operable to generate log records relating to the use and attempted use 
of the respective member, the system comprising: 

a log server operable to receive and store the log and audit records of the 
plurality of members;

a detection server operable to access the log server and parse the stored log 
and audit records in identifying an occurrence of the threat condition in any of the 
plurality of members;

a profile server operable to store an alert status indicative of identification 
of the occurrence of the threat condition by the detection server, wherein each of the 
plurality of members is operable to query the profile server in order to check the alert
status, and, in response to an alert, to implement a pre-defined response, and further 
operable to send via a non-routable protocol a broadcast message communicating the 
occurrence of the threat condition to an edge device; and 

a protective firewall interposed between the domain and the log server, 
detection server, and profile server.

10. (original) The system as set forth in claim 9, wherein the domain is 
defined as a logical grouping of the plurality of members which are not necessarily 
otherwise related. 

11. (original) The system as set forth in claim 10, wherein the logical 
grouping is based upon a value characteristic and a risk tolerance characteristic of each 
of the plurality of members. 

12. (original) The system as set forth in claim 9, wherein the detection 
server applies a threat-detection logic in conjunction with a pre-established threshold 
value in identifying the occurrence of the threat condition. 

13. (original) The system as set forth in claim 9, wherein the profile server 
is operable to provide a security profile including - 

a log server IP address operable to identify the log server to which each of 
the plurality of members should send the log records; 

a configuration refresh frequency operable to define a frequency at which
to query the profile server for an update of the security profile;

a device value operable to define a value of each of the plurality of 
members, wherein the device value is used by the detection server in identifying the 
occurrence of the threat condition; 

a threshold value operable in conjunction with a threat detection logic used 
by the detection server in identifying the occurrence of the threat condition; and 

an alert query frequency operable to define a frequency at which to query 
the profile server for an update of the alert status. 

14. (original) The system as set forth in claim 9, wherein the alert 
automatically expires, if no additional action is taken, after a pre-defined period of 
time. 

15. (original) The system as set forth in claim 9, wherein the occurrence of 
the threat condition is communicated to a second domain for evaluation and possible 
pre-emptive action. 

16. (currently amended) A computer program for facilitating a cooperative 
response by a plurality of members of a domain to a detected threat condition, with 
each of the plurality of members being operable to generate log records relating to the 
use and attempted use of the respective member, the computer program comprising: 

a code segment operable in the plurality of members to copy the log records 
to a remote location; 

a code segment operable in the remote location to receive and store the log
records;

a code segment operable in the remote location to parse the stored log 
records in identifying an occurrence of the threat condition; 

a code segment operable in the remote location to set an alert status 
indicative of identification of the occurrence of the threat condition; and 

a code segment operable in the plurality of members to periodically query 
the alert status, and, in response to an alert, to implement a pre-defined action.

17. (original) The computer program as set forth in claim 16, wherein the 
domain is defined as a logical grouping of the plurality of members which are not 
necessarily otherwise related. 



18. (original) The computer program as set forth in claim 17, wherein the 
logical grouping is based upon a value characteristic and a risk tolerance characteristic 
of each of the plurality of members. 



19. (currently amended) The computer program as set forth in claim 16, 
wherein the detection server code segment parsing the stored log records applies a
threat-detection logic in conjunction with a pre-established threshold value in 
identifying the occurrence of the threat condition. 

20. (original) The computer program as set forth in claim 16, further 
comprising a code segment operable to provide to the plurality of members a security 
profile including - 

a log server IP address operable to identify the remote location to which the 
log records are to be copied; 

a configuration refresh frequency operable to define a frequency at which
the security profile should be queried; 

a device value operable to define the value of the plurality of members, 
wherein the device value is used in identifying the occurrence of the threat condition; 

a threshold value operable to define a logic to be used in identifying the 
occurrence of the threat condition; and 

an alert query frequency operable to define a frequency at which to query 
the alert status. 



21. (original) The computer program as set forth in claim 16, wherein the 
alert automatically expires, if no additional action is taken, after a pre-defined period
of time. 

22. (original) The computer program as set forth in claim 16, further 
including a code segment operable to send via a non-routable protocol a broadcast 
message to an edge device communicating the occurrence of the threat condition. 

23. (original) The computer program as set forth in claim 16, further 
including a code segment operable to communicate the occurrence of the threat 
condition to a second domain for evaluation and possible pre-emptive action. 

24. (currently amended) A method of facilitating a cooperative response by 
a plurality of members of a domain to a threat condition, with each of the plurality of 
members being operable to generate log records relating to the use and attempted use 
of the respective member, the method comprising the steps of: 

(a) receiving and storing copies of the log records of the plurality of 
members in a remote location; 

(b) parsing the stored log records in the remote location in identifying an 
occurrence of the threat condition in any of the plurality of members;

(c) setting an alert status in the remote location indicative of identification 
of the occurrence of the threat condition; and 

(d) allowing the plurality of members to periodically query querying the
alert status, and, in response to an alert, to implementing a pre-defined action.

25. (original) The method as set forth in claim 24, wherein the domain is 
defined as a logical grouping of the plurality of members which are not necessarily 
otherwise related. 

26. (original) The method as set forth in claim 25, wherein the logical 
grouping is based upon a value characteristic and a risk tolerance characteristic of each 
of the plurality of members.

27. (original) The method as set forth in claim 24, wherein the occurrence 
of the threat condition is identified by use of a threat-detection logic in conjunction 
with a pre-established threshold value. 

28. (original) The method as set forth in claim 24, further comprising the 
step of (e) providing to the plurality of members a security profile including - 

a log server IP address operable to identify the remote location to which the 
log records are to be copied; 

a configuration refresh frequency operable to define a frequency at which
the security profile should be queried; 

a device value operable to define the value of the plurality of members, 
wherein the device value is used in identifying the occurrence of the threat condition; 

a threshold value operable to define a logic to be used in identifying the 
occurrence of the threat condition; and 

an alert query frequency operable to define a frequency at which to query 
the alert status. 

29. (original) The method as set forth in claim 24, further comprising the 
step of (e) terminating the alert automatically, if no additional action is taken, after a 
pre-defined period of time. 

30. (original) The method as set forth in claim 24, further including the step 
of (e) allowing the plurality of members to send via a non-routable protocol a 
broadcast message to an edge device communicating the occurrence of the threat 
condition. 

31. (original) The method as set forth in claim 24, further comprising the 
step of (e) communicating the occurrence of the threat condition to a second domain 
for evaluation and possible pre-emptive action.